| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
3551 |
CVE-2017-9154 |
125 |
|
DoS |
2017-05-23 |
2017-05-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11. |
|
3552 |
CVE-2017-9149 |
200 |
|
+Info |
2017-05-22 |
2017-06-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted. |
|
3553 |
CVE-2017-9134 |
200 |
|
+Info |
2017-05-21 |
2017-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without any authentication) that allows you to remotely factory reset the device simply by entering the serial number. |
|
3554 |
CVE-2017-9132 |
798 |
|
+Info |
2017-05-21 |
2017-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface. |
|
3555 |
CVE-2017-9131 |
20 |
|
Exec Code |
2017-05-21 |
2017-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote command execution." This command can be re-sent endlessly to act as a DoS attack on the client. |
|
3556 |
CVE-2017-9118 |
125 |
|
|
2018-08-02 |
2018-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. |
|
3557 |
CVE-2017-9098 |
200 |
|
+Info |
2017-05-19 |
2018-08-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. |
|
3558 |
CVE-2017-9091 |
20 |
|
Bypass |
2017-05-19 |
2017-05-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. |
|
3559 |
CVE-2017-9090 |
20 |
|
Bypass |
2017-05-19 |
2017-05-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. |
|
3560 |
CVE-2017-9066 |
918 |
|
|
2017-05-18 |
2018-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. |
|
3561 |
CVE-2017-9065 |
20 |
|
|
2017-05-18 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. |
|
3562 |
CVE-2017-9062 |
19 |
|
|
2017-05-18 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. |
|
3563 |
CVE-2017-9050 |
119 |
|
Overflow |
2017-05-18 |
2017-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. |
|
3564 |
CVE-2017-9049 |
119 |
|
Overflow |
2017-05-18 |
2017-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. |
|
3565 |
CVE-2017-9048 |
119 |
|
Overflow |
2017-05-18 |
2017-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. |
|
3566 |
CVE-2017-9047 |
119 |
|
Overflow |
2017-05-18 |
2017-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. |
|
3567 |
CVE-2017-9035 |
200 |
|
+Info |
2017-05-25 |
2017-06-01 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. |
|
3568 |
CVE-2017-9030 |
22 |
|
Dir. Trav. Bypass |
2017-05-17 |
2017-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. |
|
3569 |
CVE-2017-9024 |
22 |
|
Dir. Trav. |
2017-05-21 |
2017-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. |
|
3570 |
CVE-2017-9022 |
20 |
|
DoS |
2017-06-08 |
2018-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. |
|
3571 |
CVE-2017-9000 |
200 |
|
+Info |
2018-08-06 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise. |
|
3572 |
CVE-2017-8982 |
264 |
|
Bypass |
2018-02-15 |
2018-05-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. |
|
3573 |
CVE-2017-8980 |
200 |
|
+Info |
2018-02-15 |
2018-02-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. |
|
3574 |
CVE-2017-8970 |
200 |
|
+Info |
2018-02-15 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. |
|
3575 |
CVE-2017-8952 |
200 |
|
+Info |
2018-02-15 |
2018-03-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. |
|
3576 |
CVE-2017-8945 |
601 |
|
|
2018-02-15 |
2018-03-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. |
|
3577 |
CVE-2017-8929 |
416 |
|
DoS |
2017-05-14 |
2017-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. |
|
3578 |
CVE-2017-8921 |
22 |
|
Dir. Trav. |
2017-05-12 |
2017-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. |
|
3579 |
CVE-2017-8915 |
20 |
|
DoS |
2017-05-23 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694. |
|
3580 |
CVE-2017-8893 |
119 |
|
DoS Overflow |
2017-07-02 |
2017-07-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. |
|
3581 |
CVE-2017-8868 |
22 |
|
Dir. Trav. CSRF |
2017-05-10 |
2017-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. |
|
3582 |
CVE-2017-8863 |
200 |
|
+Info |
2017-11-22 |
2017-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. |
|
3583 |
CVE-2017-8860 |
200 |
|
+Info |
2017-11-22 |
2017-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request. |
|
3584 |
CVE-2017-8855 |
284 |
|
|
2017-05-09 |
2017-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. |
|
3585 |
CVE-2017-8840 |
200 |
|
+Info |
2017-06-05 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid. |
|
3586 |
CVE-2017-8837 |
255 |
|
|
2017-06-05 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. |
|
3587 |
CVE-2017-8825 |
476 |
|
|
2017-05-08 |
2017-05-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses. |
|
3588 |
CVE-2017-8821 |
119 |
|
DoS Overflow |
2017-12-03 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. |
|
3589 |
CVE-2017-8820 |
476 |
|
DoS |
2017-12-03 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. |
|
3590 |
CVE-2017-8819 |
284 |
|
|
2017-12-03 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue. |
|
3591 |
CVE-2017-8815 |
20 |
|
|
2017-11-15 |
2017-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. |
|
3592 |
CVE-2017-8814 |
20 |
|
|
2017-11-15 |
2017-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." |
|
3593 |
CVE-2017-8812 |
284 |
|
|
2017-11-15 |
2017-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. |
|
3594 |
CVE-2017-8810 |
200 |
|
+Info |
2017-11-15 |
2017-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. |
|
3595 |
CVE-2017-8776 |
254 |
|
|
2017-05-04 |
2017-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product. |
|
3596 |
CVE-2017-8769 |
200 |
|
+Info |
2017-05-18 |
2017-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted. |
|
3597 |
CVE-2017-8700 |
284 |
|
Bypass |
2017-11-14 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". |
|
3598 |
CVE-2017-8650 |
254 |
|
Bypass |
2017-08-08 |
2017-08-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". |
|
3599 |
CVE-2017-8621 |
601 |
|
|
2017-07-11 |
2017-07-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability". |
|
3600 |
CVE-2017-8585 |
20 |
|
DoS |
2017-07-11 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. |
